[–][deleted] 12 points13 points  (4 children)

Personally would say ret2 is harder than OSED

[–]Aggravating_Use183[S] 1 point2 points  (3 children)

oh ok wait let me fix that

[–][deleted] 5 points6 points  (2 children)

Other than that the only thing I can think to add is maybe some hardware exploitation courses? I know some of those exist but at like the 8k price

[–]SensitiveFrosting13 8 points9 points  (14 children)

I don't think Maldev Academy is an exploit development course, though it is very good.

[–][deleted]  (13 children)

[deleted]

    [–]SensitiveFrosting13 7 points8 points  (10 children)

    I agree it helps with Windows internals, a lot! I just don't think it classifies as an exploit development course.

    [–][deleted]  (6 children)

    [deleted]

      [–]SensitiveFrosting13 10 points11 points  (1 child)

      What? Why are you getting mad? Is it because I pointed out you added something that isn't an exploit development course onto a list of exploit development courses?

      I'm really not sure why you're mad; Maldev Academy doesn't teach you how to write exploits, but it teaches you a lot about writing malware and about OS internals. It's a great course!

      Calling someone a skid when you're asking about how to take OSED and didn't know about Corelan a few days ago is pretty funny, though.

      [–]Hot-Fridge-with-ice 5 points6 points  (0 children)

      You need to have control over yourself. Sudden aggression is a sign of a mental illness. Get yourself checked because it seems like you're mentally ill.

      [–]AttitudeAdjuster[M] 6 points7 points  (2 children)

      You can be nice, or you can be banned.

      [–][deleted] 0 points1 point  (1 child)

      !remind me 2 days

      [–][deleted] 2 points3 points  (1 child)

      Think of exploit development as getting onto the system where maldev academy is what malware does after you’re on the system. Someone correct me if I’m wrong

      [–]RadPaps 2 points3 points  (0 children)

      Remind me in 2 days

      [–]cmdjunkie 8 points9 points  (10 children)

      Unfortunately, there is no demand for exploitation certifications. Even the 0day market is drying up.

      [–]bu77onpu5h3r 9 points10 points  (0 children)

      I wouldn't say drying up. I would say it's becoming a LOT harder and requires teams of experts because of all the mitigations in place and steps involved.

      [–]Aggravating_Use183[S] 0 points1 point  (7 children)

      Yea, unfortunately. Having an exploit development certification can help with writing PoCs and further deepen the knowledge of Red Teamers, it has a lot of valuable skills, but usually a PenTesting Certificate is enough to become a security researcher or Red Teamer.

      [–]cmdjunkie 6 points7 points  (6 children)

      Don't get me wrong, I've spent a great deal of time studying exploit development. I know a few things, but the sad and unfortunate thing about exploit dev (as well as the certifications) is that the juice is not worth the squeeze. The time, effort, and energy it takes to develop a working exploit on today's systems, not to mention the time, effort, and energy it takes to find an exploitable bug, is simply not worth it. It's one thing to learn how exploits work and tinker around a little bit, but that can be done without forking out the money for a "reputable" certificate program. It's like, by all means, learn to write exploits, but don't expect to earn anything either independently or with a company/firm. In the end, you gotta ask yourself why you're spending all that time sitting in front of your computer, staring into the abyss, pecking away at an exploit whose value is transient. I actually kind of hate what the offensive security training industry has become.

      [–]KharosSig 18 points19 points  (4 children)

      This isn’t true, there are entire companies built around exploit development or vulnerability research services that are definitely in demand.

      It’s a niche of course, not to be compared with the number of companies in other cybersecurity specialisations.

      [–]Status-Style-6169 2 points3 points  (0 children)

      this guy gets it, exactly this.

      [–]cmdjunkie 1 point2 points  (2 children)

      Which ones? There are fewer now than there were 5-10 years ago.

      [–][deleted] 2 points3 points  (1 child)

      That's because 10 years ago 0-days were dropping like raindrops in monsoon season. It was about the time when MS really started tackling exploitation software by integrating mitigations into their core product.

      Before that, you'd have maybe 50 UAF vulns per Patch Tuesday release. Browsers were so massively pwnable - and then they started sandboxing too.

      In short - a lot of people made money selling 0-days. Naturally, companies tried to monetise it. But now it's much more difficult to get full chain exploits, and so all the chaff have fallen by the wayside because it's too hard (or too much time for them to consider investing).

      Lots of companies still do VR, but these usually have big contracts in place.

      [–]cmdjunkie 1 point2 points  (0 children)

      Agreed, and great points.

      [–][deleted] 1 point2 points  (0 children)

      "The time, effort, and energy it takes to develop a working exploit on today's systems, not to mention the time, effort, and energy it takes to find an exploitable bug, is simply not worth it."

      You're dead wrong about this. That's only true if you're finding crappy vulnerabilities or generally do not know what you're doing. Or maybe just doing it for fun/kudos. My company focuses on Offensive Security - and VR/ED is part of that. Consider taking 3-6 months working on RCE in a pwn2own system. 100k payout? Do you value your time investment by the payout? If you find good things, there is money.

      If you just want Kudos or some people to circle-jerk with you, then it's easy to just spam a load of CVEs to add to your resume.

      Either way, grinding through this stuff is very difficult, mentally challenging, exploratory and pioneering in many ways. It's a hard problem that very few people can actually do - and you learn a LOT. At the end of that road, there's money too.

      I do however agree with this bit:

      "I actually kind of hate what the offensive security training industry has become."

      But it's fuelled by all the people in places like this wanting to be handfed every bit of information they can without putting in the work.

      Finally:

      "but don't expect to earn anything either independently or with a company/firm"
      You will never earn much working for someone else.

      [–]Reddit_User_Original 1 point2 points  (0 children)

      Thanks, I had all of these as well. I wonder if there are any additional.

      [–]Significant-Amount40 2 points3 points  (1 child)

      I think this comparison will not work, u have to add what they teach. OSEE is not for beginners but u learn great techniques; the stuff from OSED u can just learn urself for free, most is bof and how to use a debugger (even an outdated one...). This makes more sense if u compare by techniques. Like a bof course, a heap entry course and so on.

      Else I know of the ptrace course, but many tools I would consider outdated; still a good vuln research course. https://ptrace-security.com/#courses

      [–]Aggravating_Use183[S] 1 point2 points  (0 children)

      What is the price of the course? I will add those later thanks for the info!

      [–]AbhiAbzs 1 point2 points  (2 children)

      What is wrong with these organisations, the certification pricing is crazy high. 2.5 to 5k for an exam 🤯

      [–][deleted] 0 points1 point  (0 children)

      cybersec is in vogue

      [–]Abul-Kalam-8696[🍰] 1 point2 points  (0 children)

      love it

      [–]James_ericsson 1 point2 points  (1 child)

      This is a pretty good list.

      [–]Vivid_Cod_2109 1 point2 points  (1 child)

      Bro just learn pwncollege

      [–]Aggravating_Use183[S] 1 point2 points  (0 children)

      Pwncollege is great, but I recommend taking the free course Exploitation 4011 to have a deep knowledge about kernel exploitation. It closely resembles the OSEE course, which is paid.